Database monitoring can seem like one of the more lackluster routine tasks for database administrators. Why bother, when there are Big Data projects to be created and cloud computing to explore? Why should you monitor database activity?
Adrian Lane, a security analyst writing on Dark Reading, notes:
“This is why! Hackers stole $45 million from ATMs — a theft made possible by breaching several bank databases and making simple alterations that allowed thieves to siphon [off] cash.”
Because that attack was carried out in waves, “[T]he easiest point of detection should have been through the database,” he says, “one of the types of attacks that database activity monitoring systems were designed for.”
Database security is critical in preventing these sorts of events, but monitoring is an equally critical line of defense for enterprise networks.
Database monitoring helps by tracking users with specific privileges in the system as well as sounding the alarm when any odd changes to data are noticed, some of which may be the hallmarks of either an intrusion or internal theft.
Most data is stolen when the data is simply residing in the database, the 2013 Verizon Data Breach Report found:
“Not one breach in this sample happened to data that was ‘in transit’. In fact, two-thirds of breaches involved data ‘at rest’ (in databases and on file servers), and the rest was being processed when compromised.”
The Data Breach Investigations Report, produced annually since 2008, analyzed approximately 47,000 different security incidents.

Database administrators have any number of tools available to them. Database monitoring systems have been available for more than 10 years.
“Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading of database audit logs and/or system tables and memory scraping. Regardless of the methodology chosen, the data must be correlated in order to detect and get a more accurate picture of what’s going on within the database. Vendor DAM tools can help simplify that correlation and provide the administrator with the ability to detect attacks as well as provide forensic evidence in the case of an actual data breach.”
Auditing tools simply allow a database administrator to see the data that has been changed. Database activity monitoring goes further, allowing compliance controls, for example, to be enacted. A user can look across platforms to see how data is being accessed and who is accessing it. It can also be used for operations monitoring as well as for tasks such as assessing compliance with government regulations.
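As an added illustration (not code from the original post or from any DAM vendor), the sketch below shows the kind of correlation described above: it reads audit records, flags writes to sensitive tables by accounts outside a known baseline, and raises a second alert when the same account repeats such writes within a short window. The audit records, table names, account names and thresholds are all constructed assumptions.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records (not from any real system):
# time, db_user, privileged (1/0), statement type, table, rows affected
SAMPLE_AUDIT = """\
2013-05-01T09:00:05,app_svc,0,SELECT,card_accounts,1
2013-05-01T09:00:09,app_svc,0,UPDATE,card_accounts,1
2013-05-01T23:41:10,dba_ops,1,UPDATE,card_limits,12
2013-05-01T23:41:40,dba_ops,1,UPDATE,card_limits,12
2013-05-01T23:43:02,dba_ops,1,DELETE,audit_trail,40
2013-05-02T10:15:00,report_ro,0,SELECT,card_limits,500
"""

WATCHED_TABLES = {"card_limits", "audit_trail"}  # assumed sensitive tables
BASELINE = {("app_svc", "card_accounts")}        # assumed normal (user, table) writes
WRITE_OPS = {"INSERT", "UPDATE", "DELETE"}
BURST_WINDOW = timedelta(minutes=5)              # assumed correlation window
BURST_COUNT = 2                                  # writes in window that trigger an alert

def parse(text):
    """Turn CSV audit lines into typed records."""
    fields = ["ts", "user", "priv", "op", "table", "rows"]
    for rec in csv.DictReader(io.StringIO(text), fieldnames=fields):
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["priv"] = rec["priv"] == "1"
        rec["rows"] = int(rec["rows"])
        yield rec

def detect(text):
    """Return (reason, user, table, time) alerts for suspicious writes."""
    alerts = []
    recent = defaultdict(list)  # (user, table) -> timestamps of recent writes
    for r in parse(text):
        if r["op"] not in WRITE_OPS:
            continue
        key = (r["user"], r["table"])
        watched = r["table"] in WATCHED_TABLES
        if watched and key not in BASELINE:
            reason = "privileged write" if r["priv"] else "unexpected write"
            alerts.append((reason, r["user"], r["table"], r["ts"].isoformat()))
        # Correlate: repeated writes by the same account inside the window.
        times = [t for t in recent[key] if r["ts"] - t <= BURST_WINDOW] + [r["ts"]]
        recent[key] = times
        if watched and len(times) == BURST_COUNT:
            alerts.append(("write burst", r["user"], r["table"], r["ts"].isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT):
        print(alert)
```
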
In other words, database activity monitoring is an essential task to which database administrators must devote their time and resources. What are your thoughts? Let us know, we’d love to hear from you.